|Publication number||US7058709 B2|
|Application number||US 10/035,724|
|Publication date||Jun 6, 2006|
|Filing date||Nov 7, 2001|
|Priority date||Nov 14, 2000|
|Also published as||US20020091813|
|Publication number||035724, 10035724, US 7058709 B2, US 7058709B2, US-B2-7058709, US7058709 B2, US7058709B2|
|Inventors||Marc Lamberton, Eric Levy-Abegnoli, Pascal Thubert|
|Original Assignee||International Business Machines Corporation|
The present invention relates to theft prevention of personal computers and other similar computer-like devices that are easily removable. It is more particularly concerned with those devices that normally connect to a network e.g., a LAN (Local Area Network), while in use.
Laptop computers and other similar computer-like devices are getting smaller, lighter and more powerful. What makes them appealing to business people also attracts criminals. If nothing is as frustrating as losing a word processing document or a spreadsheet file, losing a whole computer to theft, together with its invaluable content such as highly confidential and sensitive business-critical data, may be devastating to an organization. In all surveys about computer crime conducted, e.g., by insurance companies or some specialized governmental agencies, the large companies and organizations that participate in these surveys are bound to report losses from laptop theft alone that must be expressed in millions of dollars. While the trend is a significant increase from year to year, analysts agree that this is just the tip of the iceberg, as most laptop computer thefts actually go unreported. Most stolen equipment is never recovered. Thus, vendors of computer security products have responded with a slew of gadgets to deter laptop theft.
As far as physical security is concerned, there are many devices available on the market for preventing the theft of equipment. These devices include locks, cabinets, cables, alarms and deterrent products such as warning labels and equipment used to mark components. Even if alarms do not prevent the theft of equipment, they usually act as a deterrent and alert people in the vicinity or at a central location that a device has been removed from its usual location. Alarms can be installed either inside the equipment or on the outside. These devices usually emit loud, piercing sounds if the equipment is moved or if the alarm is tampered with. Some alarms are equipped with keys to enable authorized personnel to deactivate them.
Apart from the locks that most personal computers come equipped with, there are other devices that can be used to prevent unauthorized removal of the equipment. Many use either adhesive-mounted pads or metal brackets to fasten the computer and other equipment to a desk or table top. These devices are usually manufactured out of hardened steel. Some use special adhesives and others use bolts. Anchors and cables enable the anchoring of devices to desks. Cables are probably the most common physical security devices and usually the cheapest. They also tend to be the most flexible. Usually, steel cables are passed through metal rings that are attached to the equipment and a desk or table. Although cables prevent an individual from quickly walking away with a piece of equipment, they can be cut, although not with ordinary tools. While all of this is relatively efficient, if indeed properly enforced, it is far from convenient. Attaching one's laptop through a cable to an immovable object every time one moves within one's workplace is definitely very inconvenient and tends to be often dismissed, hence not really solving the problem.
On the other hand, laptops used in company and organization offices and workplaces (and even at home, which tends to become another workplace) are most often, not to say always, permanently connected to some sort of local area network (wired or wireless) or have a permanent link to an Intranet or an Internet service provider. Because such links are vital to conducting their work and business, all those who use portable computers and similar devices in practice never fail to first connect to their network, e.g., to download their mail or to access some sort of database to get updated on their business. Hence, the act of connecting to a network is done willingly, since it is the necessary step to obtaining news and information, and to being kept constantly updated, about one's everyday activity.
Thus, it is an aspect of the invention to enable surveillance of a network connected device from the network.
It is another aspect of the invention to issue an alarm to a central surveillance unit whenever a laptop or similar computer-like device is, without notice, disconnected from a network.
It is yet another aspect of the invention to define a log-in and log-out procedure so that a removable computer-like device can be reliably monitored while in use and connected to a network.
Further aspects, features and advantages of the present invention will become apparent to the ones skilled in the art upon examination of the following description in reference to the accompanying drawings. It is intended that any additional advantages be incorporated herein.
Thus the invention provides methods and a system for enabling the surveillance of computer-like devices connected to a communications network. In an example embodiment, a communications network includes a Network Surveillance Server (NSS).
Upon joining the communications network, a computer-like device is required to log in to NSS. Then, NSS polls the device connected on the communications network so that an alarm can be issued from NSS to a central surveillance unit when the computer-like device fails to respond to polling. Prior to leaving the communications network, the computer-like device logs out from NSS. This allows the computer-like devices to be watched as long as they stay connected to the communications network.
These and other aspects, features, and advantages of the present invention will become apparent upon further consideration of the following detailed description of the invention when read in conjunction with the drawing figures, in which:
As far as mobile devices and wireless networks are concerned, the question for NSS is rather to understand if the device is still in proper hands, since this kind of device does not actually physically disconnect from a network (nothing is unplugged) as with a wired LAN. Monitoring may include various methods, like checking if the mobile stays within the communication cell, or group of cells, it is normally expected to roam in. Also, such a mobile device must identify itself through a portal, so an unexpected use of the portal, or use of a different portal, may become the indication of something that needs to be further checked by NSS before issuing an alarm. And, for those portable or mobile devices that are not limited to data-only transmission but are normally equipped for transmitting voice and even video too, NSS may house the proper technology to perform biometric checking of the individual actually using the device. In particular, voice intonation can be checked and used as a strong authentication of who is actually using the device.
More generally, the more sophisticated of the NSS's, per the invention, are devised not only to check if a device is, when applicable, actually physically connected to the network from which surveillance is exercised, but also to check all sorts of behavioral and biometric data about those that are connected and which can be easily acquired through the network itself, like voice and typing speed on a computer keyboard, so that alarms can be reported to the surveillance unit in a timely manner. This way of checking, beyond a simple physical disconnection from the network, may require NSS to implement further checks so as not to trigger false alarms, like having to first call back the registered owner of a mobile device.
As far as IP networks are concerned, the surveillance service as disclosed by the invention may preferably be implemented in a similar way to the Dynamic Host Configuration Protocol (DHCP) of the Internet Engineering Task Force (IETF), as described in RFC 2131, March 1997. The purpose of DHCP is to enable individual computers on an IP network to extract their configurations from a server (the ‘DHCP’ server) that has no exact information about the individual computer that wants to connect until it requests this information from the computer itself, at which time the latter is attributed a dynamic IP address for the time of a DHCP lease. Similarly, the invention introduces an NSS, or Network Surveillance Server, in charge of watching the computers and devices that desire to connect to the network, however requiring a log-in and log-out procedure to the network so that they can be watched while connected.
It is worth mentioning here that ‘credentials’ broadly refers to any method, known from the art, of authenticating a legitimate registered user. This ranges from simple methods requiring the user to sign on and sign off with a password or with a Personal Identification Number (PIN) to much more sophisticated ones, e.g., implying the possession and the use of a token or smart card and/or the recognition of biometric data such as fingerprints through an appropriate reading device.
Also, as already mentioned, the term ‘computer’ used for illustrating the monitoring method according to the invention must be broadly interpreted as any computer-like device, possibly also handling voice and video, capable of connecting directly or indirectly to a network housing a NSS.
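The log-in, polling and log-out cycle described above, modelled in memory as an added example (not code from the patent). The class and method names, the sample device ids and the two-missed-polls threshold are assumptions; the text only says an alarm is issued when a device fails to respond to polling.

```python
import hashlib
import hmac

MISSED_POLLS_BEFORE_ALARM = 2  # assumption: the page does not give a threshold

def _digest(secret: str) -> bytes:
    # Toy credential check; a real deployment would use a salted KDF or a token.
    return hashlib.sha256(secret.encode()).digest()

class SurveillanceServer:
    """Minimal in-memory model of the NSS log-in / poll / log-out cycle."""

    def __init__(self, registered):
        # registered: device id -> credential of the legitimate registered user
        self._creds = {dev: _digest(pw) for dev, pw in registered.items()}
        self._missed = {}   # watched device id -> consecutive unanswered polls
        self.alarms = []    # what would be reported to the central surveillance unit

    def _authenticated(self, device, credential):
        expected = self._creds.get(device)
        return expected is not None and hmac.compare_digest(expected, _digest(credential))

    def log_in(self, device, credential):
        if not self._authenticated(device, credential):
            return False
        self._missed[device] = 0
        return True

    def log_out(self, device, credential):
        # Log-out needs the same credential, so unplugging alone cannot end the watch.
        if device not in self._missed or not self._authenticated(device, credential):
            return False
        del self._missed[device]
        return True

    def poll_cycle(self, responders):
        """One polling round; `responders` is the set of devices that answered."""
        raised = []
        for device in list(self._missed):
            if device in responders:
                self._missed[device] = 0
                continue
            self._missed[device] += 1
            if self._missed[device] == MISSED_POLLS_BEFORE_ALARM:
                raised.append(device)  # alarm once, when the threshold is reached
        self.alarms.extend(raised)
        return raised
```

A device that logs out with valid credentials drops out of the watch list, while one that simply stops answering stays on it and raises the alarm.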
The present invention can be realized in hardware, software, or a combination of hardware and software. A visualization tool according to the present invention can be realized in a centralized fashion in one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system—or other apparatus adapted for carrying out the methods and/or functions described herein—is suitable. A typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein. The present invention can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which—when loaded in a computer system—is able to carry out these methods.
Computer program means or computer program in the present context include any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after conversion to another language, code or notation, and/or reproduction in a different material form.
Thus the invention includes an article of manufacture which comprises a computer usable medium having computer readable program code means embodied therein for causing a function described above. The computer readable program code means in the article of manufacture comprises computer readable program code means for causing a computer to effect the steps of a method of this invention. Similarly, the present invention may be implemented as a computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing a function described above. The computer readable program code means in the computer program product comprising computer readable program code means for causing a computer to effect one or more functions of this invention. Furthermore, the present invention may be implemented as a program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for causing one or more functions of this invention.
It is noted that the foregoing has outlined some of the more pertinent objects and embodiments of the present invention. This invention may be used for many applications. Thus, although the description is made for particular arrangements and methods, the intent and concept of the invention is suitable and applicable to other arrangements and applications. It will be clear to those skilled in the art that modifications to the disclosed embodiments can be effected without departing from the spirit and scope of the invention. The described embodiments ought to be construed to be merely illustrative of some of the more prominent features and applications of the invention. Other beneficial results can be realized by applying the disclosed invention in a different manner or modifying the invention in ways known to those familiar with the art.
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US8271642 *||Aug 29, 2007||Sep 18, 2012||Mcafee, Inc.||System, method, and computer program product for isolating a device associated with at least potential data leakage activity, based on user input|
|US8298295 *||Sep 28, 2007||Oct 30, 2012||Intel Corporation||Theft-deterrence method and apparatus for processor based devices|
|US8832799 *||Oct 31, 2011||Sep 9, 2014||Motorola Mobility Llc||Methods and apparatuses for hybrid desktop environment data usage authentication|
|US20090089887 *||Sep 28, 2007||Apr 2, 2009||Intel Corporation||Theft-deterrence method and apparatus for processor based devices|
|US20130111556 *||May 2, 2013||Motorola Mobility, Inc.||Methods and apparatuses for hybrid desktop environment data usage authentication|
|U.S. Classification||709/224, 713/168, 713/169, 726/26|
|Cooperative Classification||H04L43/0811, H04L43/0817, H04L63/20, H04L43/10, H04L41/06|
|European Classification||H04L43/10, H04L43/08D, H04L43/08C|
|Mar 13, 2002||AS||Assignment|
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LAMBERTON, MARC;LEVY-ABEGNOLI, ERIC;THUBERT, PASCAL;REEL/FRAME:012694/0690
Effective date: 20011113
|Jan 11, 2010||REMI||Maintenance fee reminder mailed|
|Jun 6, 2010||LAPS||Lapse for failure to pay maintenance fees|
|Jul 27, 2010||FP||Expired due to failure to pay maintenance fee|
Effective date: 20100606